Labsco
github logo

audit-integrity

✓ Official36,200

by github · part of github/awesome-copilot

Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization…

🔥🔥🔥✓ VerifiedFreeQuick setup
🧩 One of 7 skills in the github/awesome-copilot package — works on its own, and pairs well with its siblings.

Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization…

Inspect the full instructions your agent will receiveExpand

This is the exact playbook injected into your agent when the skill activates — shown here so you can audit it before installing. You don't need to read it to use the skill.

by github

Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization… npx skills add https://github.com/github/awesome-copilot --skill audit-integrity Download ZIPGitHub36.2k

Audit Integrity Skill

Enforces output quality, intellectual honesty, and continuous improvement across all AppSec agents.

When to Use

  • Every security analysis, code review, threat model, or quality scan agent run

  • Applied automatically as a post-analysis quality gate

  • Applicable to any agent performing SAST, SCA, threat modeling, or code quality analysis

Components

This skill provides 7 reusable capabilities. Agents apply all 7 unless their scope excludes a specific component.

Component Reference File Purpose Clarification Protocol clarification-protocol.md Ask ≤2 targeted questions before analysis when scope is ambiguous Anti-Rationalization Guard anti-rationalization-guard.md Table of prohibited rationalizations with mandatory responses Self-Critique Loop self-critique-loop.md Mandatory second-pass review after initial analysis Retry Protocol retry-protocol.md Tool failure handling — retry once, then document Non-Negotiable Behaviors non-negotiable-behaviors.md Hard rules: never fabricate, always cite evidence, report gaps Self-Reflection Quality Gate self-reflection-quality-gate.md 1–10 scoring rubric with ≥8 threshold per category Self-Learning System self-learning-system.md Lesson/Memory templates and governance rules

Execution Flow

  • Before analysis: Apply Clarification Protocol if scope is ambiguous

  • During analysis: Apply Anti-Rationalization Guard at every decision point

  • After initial pass: Execute Self-Critique Loop (mandatory second pass)

  • On tool failure: Apply Retry Protocol

  • Before delivery: Run Self-Reflection Quality Gate (all categories must score ≥8)

  • After delivery: Create Lessons/Memories for novel findings, false positives, or methodology gaps (see Self-Learning System)

Agent-Specific Adaptation

Each agent customizes the Self-Critique Loop checklist and Self-Reflection Quality Gate categories to match its domain. The reference files provide the base templates; agents extend them with domain-specific items.

Example extensions per agent type

  • SAST/SCA agents: Add taint trace completeness and manifest coverage checks

  • SonarQube-style agents: Add rating sanity check (A–E consistency with findings)

  • Threat modeling agents: Add STRIDE category completeness per trust boundary

  • Code review agents: Add trust boundary audit with data flow tracing